Посмотреть зависимости пакета python

pipdeptree 2.10.2

Command line utility to show dependency tree of packages.

Навигация

Ссылки проекта

Статистика

Метаданные

Лицензия: MIT License (Copyright (c) The pipdeptree developers Permission is hereby granted, free of charge, to any person. )

Сопровождающий: Bernát Gábor

Метки application, cache, directory, log, user

Требует: Python >=3.8

Владелец

Сопровождающие

Классификаторы

Описание проекта

pipdeptree

pipdeptree is a command line utility for displaying the installed python packages in form of a dependency tree. It works for packages installed globally on a machine as well as in a virtualenv. Since pip freeze shows all dependencies as a flat list, finding out which are the top level packages and which packages do they depend on requires some effort. It’s also tedious to resolve conflicting dependencies that could have been installed because older version of pip didn’t have true dependency resolution[^1]. pipdeptree can help here by identifying conflicting dependencies installed in the environment.

To some extent, pipdeptree is inspired by the lein deps :tree command of Leiningen.

Installation

Running in virtualenvs

If you want to run pipdeptree in the context of a particular virtualenv, you can specify the —python option. Note that this capability has been recently added in version 2.0.0 .

Alternatively, you may also install pipdeptree inside the virtualenv and then run it from there.

Usage and examples

To give you a brief idea, here is the output of pipdeptree compared with pip freeze :

$ pip freeze  git+git@github.com:naiquevin/lookupy.git@cdbe30c160e1c29802df75e145ea4ad903c05386#egg @ file:///private/tmp/pipdeptree-2.0.0b1-py3-none-any.whl And now see what pipdeptree outputs,

$ pipdeptree Warning.  Possibly conflicting dependencies found: *  - MarkupSafe  > installed:  - itsdangerous  > installed:  - Jinja2  > installed:  - MarkupSafe  > installed:  - Werkzeug  > installed:  - pip  > installed: 

Yes, there’s a —reverse (or simply -r ) flag for this. To find out which packages depend on a particular package(s), it can be combined with —packages option as follows:

$ pipdeptree --reverse --packages itsdangerous,MarkupSafe Warning.  Possibly conflicting dependencies found: *  - MarkupSafe  > installed:  -   itsdangerous> -   MarkupSafe> -   Jinja2>

Note: The —warn option is added in version 0.6.0 . If you are using an older version, use —nowarn flag to silence the warnings.

Warnings about circular dependencies

In case any of the packages have circular dependencies (eg. package A depends on package B and package B depends on package A), then pipdeptree will print warnings about that as well.

$ pipdeptree --exclude pip,pipdeptree,setuptools,wheel Warning.  Cyclic dependencies found: -     CircularDependencyA -     CircularDependencyB ------------------------------------------------------------------------ Similar to the warnings about conflicting dependencies, these too are printed to stderr and can be controlled using the --warn option.

In the above example, you can also see —exclude option which is the opposite of —packages ie. these packages will be excluded from the output.

Using pipdeptree to write requirements.txt file

If you wish to track only top level packages in your requirements.txt file, it’s possible by grep-ing[^3]. only the top-level lines from the output,

$ pipdeptree --warn silence  grep -E There is a problem here though - The output doesn't mention anything about Lookupy being installed as an editable package (refer to the output of pip freeze above) and information about its source is lost. To fix this, pipdeptree must be run with a -f or --freeze flag.

$ pipdeptree -f --warn silence  grep -E  git+git@github.com:naiquevin/lookupy.git@cdbe30c160e1c29802df75e145ea4ad903c05386#egg @ file:///private/tmp/pipdeptree-2.0.0b1-py3-none-any.whl  pipdeptree -f --warn silence  grep -E  > requirements.txt

The freeze flag will not prefix child dependencies with hyphens, so you could dump the entire output of pipdeptree -f to the requirements.txt file thus making it human-friendly (due to indentations) as well as pip-friendly.

$ pipdeptree -f  tee locked-requirements.txt      git+git@github.com:naiquevin/lookupy.git@cdbe30c160e1c29802df75e145ea4ad903c05386#egg @ file:///private/tmp/pipdeptree-2.0.0b1-py3-none-any.whl  On confirming that there are no conflicting dependencies, you can even treat this as a "lock file" where all packages, including the transient dependencies will be pinned to their currently installed versions. Note that the locked-requirements.txt file could end up with duplicate entries. Although pip install wouldn't complain about that, you can avoid duplicate lines (at the cost of losing indentation) as follows,

$ pipdeptree -f  sed   sort -u > locked-requirements.txt

Using pipdeptree with external tools

It’s also possible to have pipdeptree output json representation of the dependency tree so that it may be used as input to other external tools.

Note that —json will output a flat list of all packages with their immediate dependencies. This is not very useful in itself. To obtain nested json, use —json-tree

Visualizing the dependency graph

The dependency graph can also be visualized using GraphViz:

$ pipdeptree --graph-output dot > dependencies.dot $ pipdeptree --graph-output pdf > dependencies.pdf $ pipdeptree --graph-output png > dependencies.png $ pipdeptree --graph-output svg > dependencies.svg

Note that graphviz is an optional dependency ie. required only if you want to use —graph-output . If the version of graphviz installed in the env is older than 0.18.1, then a warning will be displayed about upgrading graphviz . Support for older versions of graphviz will be dropped soon.

Since version 2.0.0b1 , —package and —reverse flags are supported for all output formats ie. text, json, json-tree and graph.

In earlier versions, —json , —json-tree and —graph-output options override —package and —reverse .

Usage

usage: pipdeptree.py     PYTHON        PACKAGES  PACKAGES    OUTPUT_FORMAT tree of the installed python packages optional arguments:  -h, --help show this  message and  -v, --version show program                  somepackage.*    somepackage.* If set, --all will be ignored.  -j, --json Display dependency tree as json. This will yield  output that may be used by external tools. This option  overrides all other options.  --json-tree Display dependency tree as json which is nested the  same way as the plain text output printed by default.  This option overrides all other options  --json --graph-output OUTPUT_FORMAT  Print a dependency graph  the specified output  format. Available are all formats supported by  GraphViz, e.g.: dot, jpeg, pdf, png, svg

Known issues

1. pipdeptree relies on the internal API of pip . I fully understand that it’s a bad idea but it mostly works! On rare occasions, it breaks when a new version of pip is out with backward incompatible changes in internal API. So beware if you are using this tool in environments in which pip version is unpinned, specially automation or CD/CI pipelines.

Limitations & Alternatives

pipdeptree merely looks at the installed packages in the current environment using pip, constructs the tree, then outputs it in the specified format. If you want to generate the dependency tree without installing the packages, then you need a dependency resolver. You might want to check alternatives such as pipgrip or poetry.

License

Footnotes

[^1]: pip version 20.3 has been released in Nov 2020 with the dependency resolver _ [^2]: pip version 20.3 has been released in Nov 2020 with the dependency resolver _ [^3]: If you are on windows (powershell) you can run pipdeptree —warn silence | Select-String -Pattern ‘^\w+’ instead of grep

Источник

pip list#

List installed packages, including editables. Packages are listed in a case-insensitive sorted order.

Options#

-o , —outdated # List outdated packages -u , —uptodate # List uptodate packages -e , —editable # List editable projects. -l , —local # If in a virtualenv that has global access, do not list globally-installed packages. —user # Only output packages installed in user-site. —path # Restrict to the specified installation path for listing packages (can be used multiple times). —pre # Include pre-release and development versions. By default, pip only finds stable versions. —format # Select the output format among: columns (default), freeze, or json. The ‘freeze’ format cannot be used with the —outdated option. —not-required # List packages that are not dependencies of installed packages. —exclude-editable # Exclude editable package from output. —include-editable # Include editable package from output. —exclude # Exclude specified package from the output -i , —index-url # Base URL of the Python Package Index (default https://pypi.org/simple). This should point to a repository compliant with PEP 503 (the simple repository API) or a local directory laid out in the same format. —extra-index-url # Extra URLs of package indexes to use in addition to —index-url. Should follow the same rules as —index-url. —no-index # Ignore package index (only looking at —find-links URLs instead). -f , —find-links # If a URL or path to an html file, then parse for links to archives such as sdist (.tar.gz) or wheel (.whl) files. If a local path or file:// URL that’s a directory, then look for archives in the directory listing. Links to VCS project URLs are not supported.

Examples#

$ python -m pip list Package Version ------- ------- docopt 0.6.2 idlex 1.13 jedi 0.9.0 

C:\> py -m pip list Package Version ------- ------- docopt 0.6.2 idlex 1.13 jedi 0.9.0 

$ python -m pip list --outdated --format columns Package Version Latest Type ---------- ------- ------ ----- retry 0.8.1 0.9.1 wheel setuptools 20.6.7 21.0.0 wheel 

C:\> py -m pip list --outdated --format columns Package Version Latest Type ---------- ------- ------ ----- retry 0.8.1 0.9.1 wheel setuptools 20.6.7 21.0.0 wheel 

$ python -m pip list --outdated --not-required Package Version Latest Type -------- ------- ------ ----- docutils 0.14 0.17.1 wheel 

C:\> py -m pip list --outdated --not-required Package Version Latest Type -------- ------- ------ ----- docutils 0.14 0.17.1 wheel 

$ python -m pip list --format=json [, , . 

C:\> py -m pip list --format=json [, , . 

$ python -m pip list --format=freeze colorama==0.3.7 docopt==0.6.2 idlex==1.13 jedi==0.9.0 

C:\> py -m pip list --format=freeze colorama==0.3.7 docopt==0.6.2 idlex==1.13 jedi==0.9.0 

When some packages are installed in editable mode, pip list outputs an additional column that shows the directory where the editable project is located (i.e. the directory that contains the pyproject.toml or setup.py file).

$ python -m pip list Package Version Editable project location ---------------- -------- ------------------------------------- pip 21.2.4 pip-test-package 0.1.1 /home/you/.venv/src/pip-test-package setuptools 57.4.0 wheel 0.36.2 

C:\> py -m pip list Package Version Editable project location ---------------- -------- ---------------------------------------- pip 21.2.4 pip-test-package 0.1.1 C:\Users\You\.venv\src\pip-test-package setuptools 57.4.0 wheel 0.36.2 

The json format outputs an additional editable_project_location field.

$ python -m pip list --format=json | python -m json.tool [   "name": "pip", "version": "21.2.4", >,   "name": "pip-test-package", "version": "0.1.1", "editable_project_location": "/home/you/.venv/src/pip-test-package" >,   "name": "setuptools", "version": "57.4.0" >,   "name": "wheel", "version": "0.36.2" > ] 

C:\> py -m pip list --format=json | py -m json.tool [   "name": "pip", "version": "21.2.4", >,   "name": "pip-test-package", "version": "0.1.1", "editable_project_location": "C:\Users\You\.venv\src\pip-test-package" >,   "name": "setuptools", "version": "57.4.0" >,   "name": "wheel", "version": "0.36.2" > ] 

Contrary to the freeze command, pip list —format=freeze will not report editable install information, but the version of the package at the time it was installed.

Источник